feat(workspaces): expose role-aware membership details

apps/workspaces/tests/test_capabilities.py

@@ -230,6 +230,31 @@ def test_member_project_manager_cannot_edit_project(api_client, member, project)
     assert response.status_code == 403
 
 
+def test_member_can_list_workspace_members_with_restricted_user_fields(api_client, member, workspace):
+    api_client.force_authenticate(user=member)
+
+    response = api_client.get(f"/api/workspace-memberships/?workspace={workspace.id}")
+
+    assert response.status_code == 200
+    payload = response.data.get("items", response.data) if isinstance(response.data, dict) else response.data
+    assert len(payload) >= 1
+    first_user = payload[0]["user"]
+    assert "mobile" not in first_user
+    assert "email" not in first_user
+
+
+def test_owner_can_list_workspace_members_with_full_user_fields(api_client, owner, workspace):
+    api_client.force_authenticate(user=owner)
+
+    response = api_client.get(f"/api/workspace-memberships/?workspace={workspace.id}")
+
+    assert response.status_code == 200
+    payload = response.data.get("items", response.data) if isinstance(response.data, dict) else response.data
+    assert len(payload) >= 1
+    first_user = payload[0]["user"]
+    assert "mobile" in first_user
+
+
 def test_admin_cannot_change_owner_membership_but_canonical_owner_can(
     api_client, owner, admin, extra_owner, workspace
 ):